+#ifdef __linux__
+/*
+ * Override application pid/uid/gid with unix socket credentials. If
+ * the application announced a pid matching our view, it means it is
+ * within the same pid namespace, so expose the ppid provided by the
+ * application.
+ */
+static
+int get_cred(int sock,
+ const struct ustctl_reg_msg *reg_msg,
+ uint32_t *pid,
+ uint32_t *ppid,
+ uint32_t *uid,
+ uint32_t *gid)
+{
+ struct ucred ucred;
+ socklen_t ucred_len = sizeof(struct ucred);
+ int ret;
+
+ ret = getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &ucred, &ucred_len);
+ if (ret) {
+ return -LTTNG_UST_ERR_PEERCRED;
+ }
+ DBG("Unix socket peercred [ pid: %u, uid: %u, gid: %u ], "
+ "application registered claiming [ pid: %u, ppid: %u, uid: %u, gid: %u ]",
+ ucred.pid, ucred.uid, ucred.gid,
+ reg_msg->pid, reg_msg->ppid, reg_msg->uid, reg_msg->gid);
+ if (!ucred.pid) {
+ ERR("Unix socket credential pid=0. Refusing application in distinct, non-nested pid namespace.");
+ return -LTTNG_UST_ERR_PEERCRED_PID;
+ }
+ *pid = ucred.pid;
+ *uid = ucred.uid;
+ *gid = ucred.gid;
+ if (ucred.pid == reg_msg->pid) {
+ *ppid = reg_msg->ppid;
+ } else {
+ *ppid = 0;
+ }
+ return 0;
+}
+#elif defined(__FreeBSD__)
+#include <sys/ucred.h>
+#include <sys/un.h>
+
+/*
+ * Override application uid/gid with unix socket credentials. Use the
+ * first group of the cr_groups.
+ * Use the pid and ppid provided by the application on registration.
+ */
+static
+int get_cred(int sock,
+ const struct ustctl_reg_msg *reg_msg,
+ uint32_t *pid,
+ uint32_t *ppid,
+ uint32_t *uid,
+ uint32_t *gid)
+{
+ struct xucred xucred;
+ socklen_t xucred_len = sizeof(struct xucred);
+ int ret;
+
+ ret = getsockopt(sock, SOL_SOCKET, LOCAL_PEERCRED, &xucred, &xucred_len);
+ if (ret) {
+ return -LTTNG_UST_ERR_PEERCRED;
+ }
+ if (xucred.cr_version != XUCRED_VERSION || xucred.cr_ngroups < 1) {
+ return -LTTNG_UST_ERR_PEERCRED;
+ }
+ DBG("Unix socket peercred [ uid: %u, gid: %u ], "
+ "application registered claiming [ pid: %d, ppid: %d, uid: %u, gid: %u ]",
+ xucred.cr_uid, xucred.cr_groups[0],
+ reg_msg->pid, reg_msg->ppid, reg_msg->uid, reg_msg->gid);
+ *pid = reg_msg->pid;
+ *ppid = reg_msg->ppid;
+ *uid = xucred.cr_uid;
+ *gid = xucred.cr_groups[0];
+ return 0;
+}
+#else
+#warning "Using insecure fallback: trusting user id provided by registered applications. Please consider implementing use of unix socket credentials on your platform."
+static
+int get_cred(int sock,
+ const struct ustctl_reg_msg *reg_msg,
+ uint32_t *pid,
+ uint32_t *ppid,
+ uint32_t *uid,
+ uint32_t *gid)
+{
+ DBG("Application registered claiming [ pid: %u, ppid: %d, uid: %u, gid: %u ]",
+ reg_msg->pid, reg_msg->ppid, reg_msg->uid, reg_msg->gid);
+ *pid = reg_msg->pid;
+ *ppid = reg_msg->ppid;
+ *uid = reg_msg->uid;
+ *gid = reg_msg->gid;
+ return 0;
+}
+#endif
+